Custom Software Engineer
Project Role Description : Develop custom software solutions to design, code, and enhance components across systems or applications. Use modern frameworks and agile practices to deliver scalable, high-performing solutions tailored to specific business needs.
Must have skills : OneTrust Privacy Management
Good to have skills : NA
Minimum 3 year(s) of experience is required
Educational Qualification : 15 years full time education
OneTrust Universal Consent & Preference Management (UCPM) – EPC Scope
The EPC uses OneTrust strictly as a communication preference and consent system of record
Cookie consent, CMP banners, mobile app consent, and trust center features are out of scope for EPC, but awareness is still required to avoid misconfiguration
Purposes (Communication Preferences)
EPC models all communication preferences as UCPM Purposes
o One purpose per Brand Preference Category Communication Channel
o Email and SMS are always separate purposes
Purposes are treated as immutable after creation (especially Purpose Name and ID)
Only CONFIRMED (opt-in) and WITHDRAWN (opt-out) statuses are actively used
Required skills:
o Purpose creation and versioning
o Understanding downstream dependencies on purpose IDs and names
o Managing prod vs non-prod purpose parity
Collection Points (Custom API Collection Points)
EPC exclusively uses Custom API collection points (no hosted or embedded forms)
Collection points represent hard attribution and integration boundaries, not just metadata
Each collection point has a unique JWT (RequestInformation) used by API clients
Collection points are now architecturally significant due to CDP connector filtering constraints
Required skills:
o Creating and versioning collection points
o Generating, rotating, and distributing JWTs
o Knowing when to reuse vs create new collection points
o Managing prod and non-prod collection point alignment
Consent Receipts API & Preferences API
All EPC opt-in and opt-out transactions enter OneTrust via the Consent Receipts API
Preference reads (e.g., My Garage UI) rely on the Preferences API
EPC uses Dynamic Configuration collection points and explicitly manages identifier type
Required skills:
o Understanding Consent Receipts vs Preferences vs Data Subject APIs
o Validating request payloads and transaction types
o Troubleshooting silent failures and async processing behavior
o Awareness of API limits and performance characteristics
Data Subjects & Identifier Strategy
EPC uses email address as the sole identifier for communication preferences
No identity unification or cross-identifier resolution is performed in OneTrust
Other non-EPC use cases (e.g., IAM-based identifiers) must be isolated via collection points
Required skills:
o Managing data subject records and identifier configuration
o Understanding risks of enabling multi-identifier collection points
o Enforcing EPC's identifier constraints within a flexible platform
Versioning, Publishing, and Change Control
All purpose and collection point changes are versioned
Draft versions are non-transactable until explicitly published
Some collection point updates trigger new JWTs that must be redistributed
Required skills:
o Managing draft vs published versions
o Coordinating safe publishes across environments
o Performing impact analysis before changes
Environment Management (Prod vs Non-Prod)
EPC maintains parallel configurations in production and non-production tenants
Purpose IDs and Collection Point IDs differ by environment but must stay logically aligned
Required skills:
o Maintaining environment parity without native sync tooling
o Supporting UAT and lower environment testing
o Preventing environment drift
Security, Access Control, and API Credential Stewardship
OneTrust APIs are never called directly by external vendors; calls are wrapped by middleware
JWTs and service credentials are sensitive and tightly governed
Admin access is limited and high-impact
Required skills:
o Managing OneTrust roles and permissions
o Secure handling of API tokens and JWTs
o Coordinating with security, IAM, and integration teams
Auditability, Reporting, and Support
OneTrust serves as the audit system of record for consent transactions
Used for investigation, regulatory support, and troubleshooting marketing issues
Required skills:
o Navigating consent receipts, transactions, and data subject histories
o Explaining consent state changes to technical and non-technical stakeholders
o Supporting audits and compliance inquiries
Advanced UCPM Features – Awareness Required, Use Is Restricted
Features intentionally not used by EPC include:
o Implicit consent
o Consent expiration
o Cross-device or parent-child consent
o Hosted or embedded web forms
o Multi-identifier collection points
Required skills:
o Broad UCPM feature knowledge
o Ability to prevent well-intended but unsafe configurations
o Strong governance and architectural judgment